Very strange site hacking
I am the admin of a rather large thematic Ukrainian non-commercial subject site, which nobody needs. Yesterday, the 26th day noticed that Sapa does not make money. But the links are correct. They began to dig - they dug up cloaking, modifying the resulting html page code after all its generations. As a result, links to Sapa's robot, as well as to Google and Yandex robots were transmitted from nofollow. And this can only be seen by robots with the appropriate user agent and IP address - people see the normal code.
Hacking carried out by a professional. Data for the cloaking base (user agents and ip) is collected from the left site (also hacked, apparently). Malicious files are not flooded with ftp, but with pieces of code embedded in existing scripts and subsequently erased. File dates are replaced with old ones. It is characteristic that the attacker has a good understanding of the code and inserted the code (very carefully disguised) in the samopisny site engine and the phpbb forum
We are still investigating, but the main issues of the topic. Who and why was it necessary (stupidly close all outgoing links on the site)? Has anyone come across this?
Hacking carried out by a professional. Data for the cloaking base (user agents and ip) is collected from the left site (also hacked, apparently). Malicious files are not flooded with ftp, but with pieces of code embedded in existing scripts and subsequently erased. File dates are replaced with old ones. It is characteristic that the attacker has a good understanding of the code and inserted the code (very carefully disguised) in the samopisny site engine and the phpbb forum
We are still investigating, but the main issues of the topic. Who and why was it necessary (stupidly close all outgoing links on the site)? Has anyone come across this?
')
Source: https://habr.com/ru/post/125051/
All Articles